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PRE-APPEAL REQUEST FOR REVIEW 

Sir: 

Applicant in the above-identified patent application hereby requests review of the 
Official Action dated August 10, 2005, rejecting Claims 1-22 of the above-identified application. 
This request is being filed concurrent with a Notice of Appeal, and no amendments are being 
filed herewith. 

Remarks/Arguments in support of this request begin on page 2 and end on page 6 of 
this paper, and accordingly include no more than the five (5) pages of remarks permitted to be 
provided. 
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REMARKS/ARGUMENTS 

This communication is filed in response to the final Official Action of August 10, 2005. 
The final Official Action rejects Claims 1-4, 7-14, and 17-22 under 35 USC § 102(e) as being 
anticipated by U.S. Patent No. 6,453,353 to Win et al. The Official Action also rejects Claims 5, 
6, 15, and 16 under 35 USC § 103(a) as being unpatentable over Win in view of U.S. Patent No. 
6,144,959 to Anderson et al. As explained below, however, Applicants respectfully submit that 
the claimed invention includes statutory subject matter and is patentably distinct from the cited 
references and request reconsideration and reversal of all of the aforementioned rejections. 

Win discloses that a single sign-on may be utilized to give a user access to authorized 
web resources, where access to web resources is based on the user's role in the organization. 
Thus, users are not required to log in individually to each web resource. More specifically, the 
user accesses an Access Server that stores a log-in page, Authentication Client Module, and 
Access Menu Module. The Authentication Client Module verifies a user's name and password 
with a Registry Server, where the Registry Server stores information about users (e.g., name, 
password, and locale information), resources (e.g., web pages, web sites, etc.), and roles (e.g., 
employee, customer, distributor, etc.) of the users. If the name and password are correct, the 
Authentication Client Module reads the user's roles from the Registry Server, and then encrypts 
and sends this information in a cookie to the user's browser. After selecting a resource, the 
browser sends an open URL request and cookie(s) to a Protected Web Server, which is protected 
by a Runtime Module. The Runtime Module decrypts information contained in the cookie and 
uses the information to verify that the user is authorized to access the resource. The resource 
uses the cookie to return information that is customized based on the user's name and roles. 

Anderson discloses a system and method for managing user accounts in a communication 
network. The system is capable of using a single set of credentials to access servers that are 
centrally located and managed such that an administrator does not have to maintain separate 
accounts on a shared workstation for all users. A user logging in at a client workstation provides 
credentials through a log-in interface. An authentication process is employed to authenticate the 
user to the local client, as well as to one or more servers. The authentication process compares 
credentials contained in a request for access generated by the client to entries within a domain 
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database. If the credentials match, the domain authentication process allows access to the server 
process and resources. Moreover, Anderson discloses that there may be a client that provides an 
administrator access to a directory services database contained within a server that may support a 
client workstation object including log-in information. The log-in information could include a 
dynamic log-in flag that is used to indicate whether user information should be retrieved from 
the client workstation object to create a user account on a client. Thus, when the log-in process 
is initiated at the client and inspects the workstation object, the log-in process may need to 
identify if a user account should be created in the local access database of the client. 

In contrast to the disclosures described above, independent Claims 1,11,21 and 22 recite 
a method, systems, and a machine-readable medium for performing multiple user authentications 
with a single sign-on by performing a first user authentication, selecting a remote server, and 
sending a token to the remote server that contains authentication information responsive to the 
first authentication and information regarding an account for the user including at least one of a 
new account for the user and an update to an existing account for the user. The authentication 
information is then decoded to induce a second user authentication. 

User profile information may be stored by the remote server. (Page 18, line 7). The 
information regarding a new or updated user account that is included in the token of the claimed 
invention may come in various forms. With respect to the embodiment of Figure 8 of the present 
application, the token may include fields, including a field for a new user flag that is set when the 
Intranet server detects a new user. (Page 16, lines 12-15). The embodiment depicted by Figure 9 
of the present application adds the capability to transmit new or updated user profile information 
to the remote server. The remote server may store user profile information that may help the 
remote server, such as a travel reservation and book service, provide efficient service to the user 
(e.g., dietary choices, seating preferences, travel spending limits, etc.). Once the token is 
determined to be valid, the token is examined for user profile information, and the remote server 
may create an account for a new user or update an account for an existing user depending upon 
the user profile information. Thus, the multiple user authentication of the claimed invention not 
only provides a single sign-on procedure, but also provides a capacity for efficiently creating or 
updating user accounts at the remote server. 
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In the Response to Arguments, the Official Action finds that "Win teaches sending the 
cookies with the updated information to remote servers." In addition, the Official Action alleges 
that information regarding user configuration or user roles may be modified or updated. The 
Official Action interprets Win as disclosing that user information corresponds to "roles," while 
"role cookies" are sent to remote resources. Moreover, the Official Action finds that Win 
discloses that new account information can be sent to remote resource with the role cookie to be 
updated by a user or an administrator. 

While Win discloses a single sign-on through an Access Server to access protected web 
resources, Win does not disclose sending a token to a remote server that contains authentication 
information responsive to a first authentication and information regarding an account for the user 
including at least one of a new account for the user and an update to an existing account for the 
user , as recited by independent Claims 1, 1 1, 21 and 22. Win arguably discloses that the URL 
request and associated cookies contain authentication information, as the cookies contain profile 
information and a list of the user's roles. The profile information, such as username and 
password, allows the user to log in to the system and is used to verify that the user is authorized 
to access a resource, while the roles, such as employee or supplier, define the resources that are 
available to the user. 

However, updating the profile information of Win may be achieved when the user 
updates profile or locale information within the Profile Management Service of Authentication 
Client module, which is associated with the Access Server, not the remote resources, such as the 
remote server that maintains the current user account information pursuant to the claimed 
invention. Moreover, Win discloses that an administrator may find, list, create, delete, and 
modify user role records. Therefore, updated information is not included with the cookies since 
updating occurs at the Access Server or Registry Server (see Figures 1 and 4 of Win). Similarly, 
Win does not disclose that the cookies contain information regarding a new account for the user. 
Simply providing the capability of updating or adding a new account is significantly different 
than providing information regarding a new account or an update to an existing account with a 
token to a remote server, as recited by the claimed invention. 
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The Examiner relies upon col. 8, line 46 - col. 9, line 40 for the proposition that user 
information relates to "roles" and that "role cookies" are sent to remote resources. Assuming 
that the Examiner's characterization of Win is correct, the specific portion of Win relied upon 
only discloses that users may change their account profiles at the Access Server. This is unlike 
the claims of the present application, as described above, in which tokens reflective of new or 
updated user account information are sent to a remote server. In this regard, Win nowhere 
discloses that the cookies contain information regarding an update to an existing account or 
information regarding a new account in addition to containing authentication information. 

The Examiner further relies upon col. 7, lines 58-67 of Win as disclosing that cookies 
may be sent with updated information. However, this particular portion of Win pertains to 
"configuration changes." Win discloses that an example of a configuration change could be 
adding resources to the Protected Server, where Win describes examples of resources as web 
pages, web sites, a web-enabled database, and an applet. Thus, configuration changes 
correspond to system level changes rather than information regarding an account for a user. In 
particular, configuration changes are distinctly different than information regarding an update to 
an existing user's account or information regarding a new account for a user, as recited by the 
claimed invention. As such, the Examiner mischaracterizes configuration changes as 
corresponding to "user configurations," as stated in the Response to Arguments. 

Also, in the Response to Arguments the Official Action finds that "Win teaches that new 
account information can be sent to a remote resource (or server) with the 'role cookie' which can 
be updated by either the Administrator or a user." However, the Official Action again relies 
upon the portion of Win that discloses configuration changes, which as described above, is 
distinctly different from tokens containing information regarding an update to an existing 
account or information regarding a new account for the user, as recited by the claimed invention. 

Moreover, Anderson shares similar shortcomings to that of Win in that Anderson also 
does not teach or suggest sending a token to a remote server that contains authentication 
information responsive to a first authentication and information regarding an account for the user 
including at least one of a new account for the user and an update to an existing account for the 
user. Although Anderson arguably discloses sending authentication information in the form of 
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credential information, the credential information does not include information regarding a new 
account and/or an update to an existing account for a user, as recited by the claimed invention. 
Anderson discloses that credential information corresponds to username, password, log-in 
information for a database, a log-in script, retinal scan, or fingerprint information. Thus, the 
credential information is only used for authentication. 

Applicants also submit that a number of dependent claims, including Claims 5, 6, 15, and 
16, are further distinguishable from the cited references, including Anderson. In this regard, 
Claims 5 and 15 recite that the information regarding an account for the user in the token 
includes a new user flag, while Claims 6 and 16 recite that the remote server creates a new user 
account in response to the new user flag. Although Anderson discloses that a dynamic log-in 
flag 317 may be utilized, the flag is maintained in a directory services database 223 that is 
associated with a server 103 A (See Figure 2 A of Anderson). The log-in process 207 is initiated 
at a client 102 A that inspects the directory services database 223 to determine whether a new 
user account should be created in the local access database 203 maintained in the client. In this 
regard, the dynamic log-in flag is not contained within a token that is sent from the client to the 
server, as recited by Claims 5, 6, 15, and 16, as the flag is pre-stored at the server. Therefore, the 
dynamic user flag is not contained within a token that is sent to the server due to the fact that the 
flag is already located at the server before the log-in process begins. 

Thus, neither Win nor Anderson, taken individually or in combination teach or suggest 
including information regarding an account for the user including at least one of a new account 
for the user and an update to an existing account for the user in a token that is sent to a remote 
server, as recited by independent Claims 1, 1 1, 21, and 22. Since the independent claims are 
patentably distinct from the cited references, the claims that depend therefrom are also 
distinguishable from the cited references for at least the same reasons since the dependent claims 
include each of the elements of a respective independent claim. In addition, Applicants submit 
that a number of dependent claims, including Claims 5, 6, 15, and 16, are further distinguishable 
from the cited references. Consequently, Applicants submit that, for at least those reasons above, 
the rejections of the claims under 35 U.S.C. § 102(e) and 35 U.S.C. § 103(a) are overcome. 
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CONCLUSION 



For at least the foregoing reasons, Applicants respectfully request that the rejections be 
reversed and that a Notice of Allowance be issued. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 
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